Campaign Management

Campaigns Overview

The campaigns page provides a comprehensive view of all your phishing simulation campaigns, allowing you to monitor progress, analyze results, and manage ongoing operations from a single interface.

Click on any campaign name to access detailed analytics, recipient interactions, and management options for that specific campaign.

Individual Campaign Dashboard

Each campaign's dedicated page provides comprehensive analytics, real-time event timelines, detailed recipient interactions, and administrative actions. This centralized view enables effective campaign monitoring and management throughout the simulation lifecycle.

Campaign Metrics Dashboard

The metrics cards at the top of each campaign page provide instant visibility into key performance indicators, allowing you to quickly assess campaign effectiveness and user engagement levels.

Click on any metric card to view comparative analysis and detailed breakdowns against other performance indicators.

Campaign Performance Metrics

Metric	Description
Recipients	Total number of recipients targeted by this campaign
Emails Sent	Number of emails successfully delivered to date
Emails Read	Unique recipients who opened the email (tracking pixel loaded)
Website Visits	Unique recipients who clicked through to phishing pages

Interactive Campaign Timeline

The campaign timeline provides an interactive, real-time visualization of all campaign events, enabling you to track user interactions chronologically and identify patterns in recipient behavior throughout the simulation period.

Timeline Navigation

• Zoom In: Double-click or scroll to focus on specific time periods
• Event Details: Hover over any event marker to view detailed information
• Time Format: Toggle between 12h and 24h time formats
• Reset View: Click Reset View to see the complete timeline

Campaign Configuration & Management

The campaign details section provides comprehensive information about your simulation configuration, template settings, and available management actions. This centralized control panel enables efficient campaign administration and monitoring.

Click on the Template link to access a detailed visualization and comprehensive information about the template configuration used in this campaign.

Campaign Management Actions

Access powerful campaign management tools through the available action buttons. These controls allow you to modify campaign status, export data, and manage the simulation lifecycle:

Available Campaign Actions

Action	Description
Close Campaign	Immediately completes the campaign and cancels any pending email deliveries. No further interactions will be recorded.
Anonymize Campaign	Closes the campaign and anonymizes all collected data while preserving statistical metrics. Individual recipient data becomes untraceable for privacy compliance.
Export Campaign Events	Downloads a comprehensive CSV file containing all campaign events, interactions, and timestamps for analysis and reporting.

Campaign Events Analysis

The events table provides a detailed chronological view of all campaign interactions, enabling comprehensive analysis of user behavior patterns and campaign effectiveness metrics.

Recipient Performance Analysis

The campaign recipients table provides individual performance tracking for each targeted user, showing their interaction level and current status within the simulation. This granular view enables targeted follow-up training and personalized security awareness initiatives.

The Status column displays the highest-priority interaction event for each recipient, providing quick insight into their engagement level.

Utilize the recipient Actions menu to manually manage email delivery, access detailed event histories, or perform individual recipient management tasks.

Recipient Management Actions

Action	Description
Copy Email	Copies the personalized email content as HTML source code, enabling custom delivery through alternative channels
View Email	Displays the formatted email content in a preview window. Note that viewing will trigger tracking pixels, making this ideal for creating rich copies for third-party email systems
Copy Lure URL	Copies the personalized phishing page URL to clipboard for manual distribution or testing purposes
View Events	Opens the detailed event timeline for this specific recipient, showing all interactions and timestamps

Click on any recipient name to access their individual timeline view, providing detailed interaction history and behavioral analysis:

Creating Your First Campaign

A campaign represents a complete phishing simulation operation, from initial email delivery through final reporting. Each campaign targets specific recipient groups using configured templates and follows defined delivery schedules.

Prerequisites

Before creating a campaign, ensure you have the following components configured:

• A complete campaign template with all required elements
• At least one recipient group with targeted users
• Properly configured domains and email delivery settings

1. Step 1: Basic Campaign Information

   Begin by clicking New Campaign on the campaigns page and configure the fundamental campaign settings.

   

   Campaign Basic Information

   Configuration	Description
   Campaign Name	Descriptive name to identify this simulation campaign
   Template	Pre-configured template containing email design, landing pages, and delivery settings
   Campaign Type	Test campaigns are excluded from statistics and marked with a test label for training purposes

2. Step 2: Target Recipient Selection

   Select the recipient groups that will be targeted in this campaign. Choose from your pre-configured groups to define your simulation audience.

   

   Note: The number displayed beside each group represents the total recipients in that group. Each unique recipient is included only once, even if they belong to multiple selected groups.

3. Step 3: Delivery Method Configuration

   Configure how and when your campaign emails will be delivered by selecting an appropriate delivery method that matches your simulation objectives.

   

   Time Box Delivery

   The Time Box method evenly distributes email sending across your specified time window, ensuring consistent delivery patterns.

   

   Time Box Delivery Options

   Setting	Description
   Delivery Start	Campaign launch date and time
   Delivery End	Campaign completion date and time
   Sort By	Organize delivery order by recipient attributes (e.g., department, location)
   Sort Order	Ascending or descending order for the selected sort criteria
   Auto-Close	Automatically complete campaign at specified time. Completed campaigns stop recording new interactions.
   Auto-Anonymize	Automatically anonymize all recipient data while preserving aggregate statistics for compliance purposes

   Daily Slots Delivery

   Use Daily Slots for precise control over delivery timing, restricting emails to specific weekdays and business hours for maximum realism.

   Example: Monday through Friday, 8:00 AM to 4:00 PM

   

   Daily Slots Configuration

   Setting	Description
   Campaign Duration	Overall start and end dates for the campaign period
   Delivery Sorting	Recipient organization criteria and sort order
   Active Days	Specific weekdays when emails should be delivered
   Delivery Hours	Time window within each active day for email sending
   Auto-Close	Automatic campaign completion settings
   Auto-Anonymize	Scheduled data anonymization for privacy compliance

   Self-Managed Delivery

   Self-Managed campaigns provide maximum flexibility by allowing manual control over email delivery. This method is ideal for custom delivery scenarios, multi-channel approaches, or integration with external systems.

   

   Self-Managed Campaign Options

   Setting	Description
   Manual Close	Configure when to manually complete the campaign and stop recording interactions
   Manual Anonymization	Settings for manually triggered data anonymization while maintaining statistical integrity

4. Step 4: Advanced Campaign Options

   Configure additional campaign features and integrations to enhance your simulation capabilities and data collection requirements.

   

   Advanced Campaign Features

   Feature	Description	Edition Availability
   Data Collection	Enable collection and storage of data submitted by recipients on phishing pages	Enterprise Edition
   IP Filtering	Restrict phishing page access using IP allow/deny lists for enhanced security	Enterprise Edition
   Webhook Integration	Configure real-time event notifications to external systems and APIs	All Editions

5. Step 5: Campaign Review and Launch

   Review all campaign configurations to ensure accuracy before launching your phishing simulation. This final step prevents configuration errors and ensures optimal campaign performance.

   

   Carefully verify all settings, recipient selections, and delivery configurations. When satisfied with your campaign setup, click Create Campaign to launch your phishing simulation.

Campaign Templates

Templates are reusable campaign configurations that combine domains, email delivery settings (SMTP or API), email designs, and landing page sequences. They streamline campaign creation by providing pre-configured simulation components that can be used across multiple campaigns.

Template Management Overview

The templates overview displays all available simulation templates, their configuration status, and associated components. This centralized view enables efficient template management and reuse across your organization's phishing simulation programs.

Template Configuration Components

Component	Description
Template Name	Descriptive identifier for the template configuration
Domain	Configured domain for hosting phishing landing pages
SMTP Configuration	SMTP server settings for traditional email delivery
API Sender	API-based email delivery service configuration
Email Template	Pre-designed email content used for phishing lures
Pre-Landing Page	Optional initial page shown before the main phishing page
Main Landing Page	Primary phishing simulation page where user interactions occur
Post-Landing Page	Final page shown after user interaction (education or redirection)
Completion Status	Indicates if template is ready for use. Incomplete templates may have missing or deleted required components

Creating Campaign Templates

Template creation requires careful planning and configuration of multiple components. Ensure you have all necessary elements prepared before beginning the template creation process.

Prerequisites

Before creating a template, ensure the following components are configured:

• Domain Configuration - Properly configured domain for hosting phishing pages
• Email Delivery Method - Either an SMTP sender or API sender for email delivery
• Email Template - Designed phishing email content with appropriate lures
• Landing Pages - At least one landing page for user interaction

Begin template creation by clicking New Template on the templates page to access the configuration wizard.

Template Configuration Process

Basic Template Information

Setting	Description
Template Name	Descriptive name to identify this template configuration
Delivery Method	Choose between SMTP server delivery or API-based email sending

Delivery Configuration

Email Delivery Settings

Component	Description
SMTP Configuration	Pre-configured SMTP server settings for traditional email delivery
API Sender	API-based email service configuration for advanced delivery options
Email Template	Pre-designed email content that will be sent to recipients

Domain and URL Configuration

Domain and URL Structure Settings

Setting	Description
Domain Selection	Choose the configured domain for hosting phishing landing pages
URL Path	Custom path segment added to domain URLs for enhanced credibility and context (e.g., /login, /secure, /update)
Query Parameter Key	Parameter name used in URLs to identify individual recipients. Customizable for improved URL authenticity
Session State Key	Parameter for tracking multi-page navigation flow when using sequential landing pages

Page Flow Configuration

The page flow defines the complete user journey after clicking the phishing email link. This sequence can include multiple pages to create realistic attack scenarios and educational experiences.

Page Flow Components

Page Type	Purpose and Description
Pre-Landing Page	Optional initial page for user engagement, credential collection, or traffic filtering before the main simulation
Main Landing Page	Primary phishing simulation page where core user interactions and data collection occur
Post-Landing Page	Educational or redirect page shown after interaction completion. Used for security awareness training or realistic redirection
POST Redirect URL	External URL for redirecting users after form submission, maintaining realism and providing educational content or legitimate site access

Microsoft Defender Integration

Microsoft Defender for Office 365 includes advanced security measures that may block legitimate phishing simulation emails. To ensure successful delivery of your security awareness campaigns, you can configure allow listing through Microsoft's Advanced Delivery Policy for third-party phishing simulations.

For templates using SMTP configuration, Phishing Club provides easy access to the required allow listing information. Navigate to the campaign templates page and click Allow listing in the template actions menu to access configuration details.

The allow listing modal displays all necessary information required for configuring Microsoft Defender for Office 365 Advanced Delivery Policy, ensuring seamless integration with your existing security infrastructure.

Microsoft Defender Allow Listing Information

Configuration Field	Description and Usage
MAIL FROM Domain	The domain component of the sender address configured in your template's email settings (RFC 5321.MailFrom)
Sending IP Address	The source IP address for your phishing simulation emails, typically provided by your email infrastructure or SMTP service provider
Simulation URL Pattern	Domain pattern for phishing simulation URLs, usually formatted as yourdomain.com/* to allow all paths and subpages

Microsoft Defender Configuration Steps

Follow these steps to configure allow listing in Microsoft Defender for Office 365:

1. Access Advanced Delivery: Navigate to Microsoft Defender Advanced Delivery
2. Select Tab: Click the Phishing simulation tab
3. Create Configuration: Click Add or Edit to configure third-party phishing simulation settings
4. Enter Values: Input the information from Phishing Club's allow listing modal:
   • Domain: Your MAIL FROM domain
   • Sending IP: Your email sending IP address
   • URLs to Allow: Your simulation domain pattern
5. Save Configuration: Apply the settings to enable allow listing

For comprehensive configuration guidance, consult the official Microsoft documentation on Advanced Delivery Policy configuration.

Advanced IP Filtering

Available in Enterprise Edition

IP filtering provides enhanced security for your phishing simulations by controlling access to landing pages based on source IP addresses. This feature ensures that only intended recipients from authorized networks can access your simulation content, preventing external interference and maintaining campaign integrity.

Configure IP filters during campaign creation in the Advanced Options section. Custom deny pages can also be configured to display alternative content to unauthorized visitors, maintaining operational security.

Creating IP Filter Rules

IP filter rules use CIDR notation to define network ranges and access policies. These rules can be configured as either allow lists (permit only specified IPs) or deny lists (block specified IPs while allowing others).

IP Filter Configuration Options

Setting	Description
Filter Name	Descriptive name to identify this IP filter rule set
Import from File	Upload a text file containing CIDR ranges for bulk configuration of IP filter rules
Filter Type	Choose between Allow (permit only listed IPs) or Deny (block listed IPs) filter behavior
CIDR Ranges	List of IP address ranges in CIDR notation. Single IP addresses are automatically converted to /32 notation for precise matching

Webhook Integration

Webhooks provide real-time integration capabilities by automatically sending HTTP requests to external APIs when campaign events occur. This enables seamless integration with security orchestration platforms, notification systems, ticketing systems, and custom applications for enhanced automation and monitoring.

Each webhook call is triggered immediately when a campaign event occurs, providing instant visibility into user interactions and campaign progress. This real-time data streaming enables rapid response to security awareness training needs and automated workflow integration.

Webhook Request Format

Webhook requests include authentication headers and structured JSON payloads:

Accept-Encoding: gzip
User-Agent: Go-http-client
Content-Length: 142
Content-Type: application/json
X-Signature: 3ec2d0d777495b4410331a8e22de309e393761ed2e16f4271577e812ffaf26e3

{
  "time":"2025-03-30T12:13:00.026471259Z",
  "campaignName":"Example",
  "email":"[email protected]",
  "event":"campaign_recipient_message_sent"
}
		

Available Event Types

Webhooks are automatically triggered for the following campaign events, providing comprehensive coverage of user interactions throughout the simulation lifecycle:

Webhook Event Types

Event Name	Trigger Description
campaign_recipient_message_sent	Email successfully delivered to recipient's mailbox
campaign_recipient_message_read	Recipient opened email (tracking pixel loaded)
campaign_recipient_before_page_visited	Pre-landing page accessed by recipient
campaign_recipient_page_visited	Main phishing landing page accessed by recipient
campaign_recipient_after_page_visited	Post-landing page accessed by recipient
campaign_recipient_submitted_data	Recipient submitted information through phishing page forms

Webhook Security and Verification

Webhook security is implemented through optional HMAC-SHA256 signature verification, ensuring that incoming webhook requests originate from Phishing Club and haven't been tampered with during transmission. This cryptographic verification provides confidence in the authenticity and integrity of webhook data.

When configuring a webhook with a secret key, each request includes an X-Signature header containing an HMAC-SHA256 signature of the request body. Your receiving application can verify this signature to confirm the webhook's authenticity.

Signature Verification Implementation

The X-Signature header contains the request body signed with HMAC-SHA256 using your configured secret key. Here's an example implementation in Go for verifying webhook signatures:

bodyBytes, err := io.ReadAll(body)
if err != nil {
  log.Println("failed to read body for HMAC calculation:", err)
  http.Error(w, "failed to read body", http.StatusInternalServerError)
  return
}

h := hmac.New(sha256.New, []byte("YOUR_SECRET_KEY_HERE"))
h.Write(bodyBytes)
calculatedHMAC := hex.EncodeToString(h.Sum(nil))

// Get the signature from the header
signature := req.Header.Get("x-signature")
if calculatedHMAC != signature {
  http.Error(w, "invalid HMAC signature", http.StatusForbidden)
  return
}
		

Note: When no secret key is configured, the X-Signature header will contain the value UNSIGNED, indicating that signature verification is not available for that webhook.

Creating Webhook Endpoints

Webhook configuration enables real-time event streaming to your external systems and applications. Configure webhooks to receive immediate notifications about campaign events, enabling automated responses and integration with your existing security infrastructure.

Webhook Configuration Settings

Setting	Description
Webhook Name	Descriptive identifier for this webhook endpoint configuration
Target URL	Complete HTTPS endpoint URL where webhook requests will be sent for event processing
Secret Key	Optional secret for HMAC-SHA256 signature generation, enabling cryptographic verification of webhook authenticity